NOTE-5-0

NOTE! New users can ignore these release notes, because the
documentation has been updated to reflect all changes that are recorded
here.

Below we roughly organize the changes since Version 4.3 into the following
categories of changes: existing features, new features, heuristic
improvements, bug fixes, changes at the system level and to distributed
books, Emacs support, and experimental versions. Each change is described in
just one category, though of course many changes could be placed in more than
one category.

NOTE: ACL2 is now distributed under Version 2 of the GNU General Public
License. [Added later: The license has changed since Version_5.0. See
LICENSE.] Formerly, any later version had been acceptable. Moreover, books
are no longer distributed from a University of Texas website, but rather,
from Google Code at http://code.google.com/p/acl2-books/downloads/.

CHANGES TO EXISTING FEATURES

A fatal error now occurs if environment variable ACL2_CUSTOMIZATION has a
value other than NONE or the empty string, but is not the name of an
existing file. Thanks to Harsh Raju Chamarthi for requesting such a change.

We now avoid certain duplicate conjuncts in the constraint stored for
encapsulateevents. For example, the constraint stored for the
following event formerly included (EQUAL (FOOP (CONS X Y)) (FOOP Y)) and
(BOOLEANP (FOOP X)) twice each, but no more.

The :guard for a constrained function (see signature) may now
mention function symbols introduced in the same encapsulate event that
introduces that function. Thanks to Nathan Wetzler for a helpful discussion
leading to this improvement.

The test for redundancy of defun and defconst events has been
improved in the case that redefinition is active. In that case, redundancy
now additionally requires that the ``translated'' body is unchanged, i.e.,
even after expanding macro calls and replacing constants (defined by
defconst) with their values. Thanks to Sol Swords for requesting this
enhancement, and to Jared Davis for pointing out a bug in a preliminary
change. See redundant-events, in particular the ``Note About Unfortunate
Redundancies''. Note that this additional requirement was already in force
for redundancy of defmacro events.

The macro defmacro-last and the tablereturn-last-table have
been modified so that when they give special treatment to a macro mac and
its raw Lisp counterpart mac-raw, a call (return-last 'mac-raw ...)
can be made illegal when encountered directly in the top level loop, as
opposed to inside a function body. See return-last. Thanks to Harsh Raju
Chamarthi for showing us an example that led us to make this improvement.

We removed a barrier to admitting function definitions, as we explain using
the following example.

Previously, ACL2 complained that it could not determine the outputs of the
LET form, as is necessary in order to ensure that STATE is
returned by it. ACL2 now works harder to solve this problem as well as the
analogous problem for MV-LET and, more generally for
mutual-recursion. (The main idea is to reverse the order of processing
the IF branches if necessary.) We thank Sol Swords for contributing a
version of the above example and requesting this improvement.

It is no longer the case that break-on-error causes a Lisp break when
encountering an error during translation of user input into internal
(translated) form (see term). The reason is that an improvement to the
translation process, specifically the one described in the preceding
paragraph, allows certain backtracking from ``errors'', which are intended to
be silent rather than causing breaks into raw Lisp. Thanks to Jared Davis
for sending an example leading to this change.

(CCL and SBCL only) When the host Lisp is CCL or SBCL, then since all
functions are compiled, a certify-book command will no longer load the
newly-compiled file (and similarly for include-book with argument
:load-compiled-file :comp).

Set-write-acl2x now returns an error triple and can take more values,
some of which automatically allow including uncertified books when
certify-book is called with argument :acl2x t.

The environment variable COMPILE_FLG has been renamed
ACL2_COMPILE_FLG; see certify-book.

The macros defthmd and defund no longer return an error triple
with value :SKIPPED when proofs are being skipped. Rather, the value
returned is the same as would be returned on success when proofs are not
skipped.

For those who use set-write-acl2x: now, when certify-book is
called without a :ttagsx argument supplied, then the value of :ttagsx
defaults to the (explicit or default) value of the :ttags argument.

The :pl and :pl2commands can now accept terms
that had previously been rejected. For example, the command
:pl (member a (append x y)) had caused an error, but now it works as one
might reasonably expect, treating member as member-equal
(see equality-variants for relevant background). Thanks to Jared Davis for
reporting this problem by sending the above example.

We have eliminated some hypotheses in built-in rewrite rules
characterp-nth and ordered-symbol-alistp-delete-assoc-eq.

The built-in function string-for-tilde-@-clause-id-phrase has been put
into :logic mode and had its guards verified, as have some
subsidiary functions. A few new rules have been added in support of this
work; search for string-for-tilde-@-clause-id-phrase in ACL2 source file
boot-strap-pass-2.lisp if interested. Thanks to David Rager for
contributing an initial version of this improvement.

All trust tags are now in the keyword package. The defttag event
may still take a symbol in an arbitrary package, but the trust tag created
will be in the keyword package (with the same symbol-name as the symbol
provided). Similarly, non-nil symbols occurring in the :ttags
argument of an include-book or certify-book command will be
converted to corresponding keywords. See defttag.

There have been several changes to gag-mode. It is now is initially set
to :goals, suppressing most proof commentary other than key checkpoints;
see set-gag-mode. (As before, see pso for how to recover the proof
output.) Also, top-level induction schemes are once again printed when
gag-mode is on, though these as well as printing of guard conjectures can be
abbreviated (``eviscerated'') with a new evisc-tuple;
see set-evisc-tuple, in particular the discussion there of :GAG-MODE.
Finally, the commentary printed within gag-mode that is related to
forcing-rounds is now less verbose. Thanks to Dave Greve and David
Rager for discussions leading to the change in the printing of induction
schemes under gag-mode; thanks to Warren Hunt for an email that led us to
similar handling for printing of guard conjectures; and thanks to Robert Krug
for a suggestion that led us to restore, in abbreviated form, important
information about the sources of forcing round goals.

An error now occurs if ld is called while loading a compiled book.
See calling-ld-in-bad-contexts. Thanks to David Rager for reporting a
low-level assertion failure that led us to make this change.

The proof-checker interactive loop is more robust: most errors will
leave you in that loop, rather than kicking you out of the proof-checker and
thus back to the main ACL2 read-eval-print loop. Thanks to David Hardin for
suggesting this improvement in the case of errors arising from extra right
parentheses.

The summary at the end of a proof now prints the following note when
appropriate:

Improved dmr to show the function being called in the case of
explicit evaluation: ``(EV-FNCALL function-being-called)''.

It is now permitted to bind any number of stobjs to themselves in the
bindings of a LET expression. But if any stobj is bound to other than
itself in LET bindings, then there still must be only one binding in
that LET expression. The analogous relaxation holds for LAMBDA
expressions. Thanks to Sol Swords for requesting such a change, which was
needed for some code generated by macro calls.

The macro top-level now returns without error; See top-level.
Formerly, this macro always returned an error triple (mv t .. state),
which meant that normal calls of ld would stop after encountering a
call of top-level. Thanks to Jared Davis for bringing this issue to our
attention.

It is no longer the case that when you specify xargs keyword
:non-executable t in a defun form rather than using defun-nx,
then the form of the body need match only the shape
(prog2$ (throw-nonexec-error ... ...) ...). We now require that the body
of the definition of a function symbol, fn, with formals (x1 ... xk),
be of the form (prog2$ (throw-nonexec-error 'fn (list x1 ... xk)) ...).
This fixes the following odd behavior, which could be considered a bug.
Consider a book that contains the following two events.

After certifying this book and then including it in a new session, the
behavior occurred that is displayed below; notice the mention of BAR.
However, if the two forms were submitted directly in the loop, then the error
message had mentioned FOO instead of BAR. This discrepancy has been
eliminated, by rejecting the proposed definition of foo because the name
in the first argument of throw-nonexec-error was 'bar where now it
must be 'foo.

A tautology checker used in the ACL2 sources (function if-tautologyp) has
been limited somewhat in the effort it makes to recognize a tautology. While
we expect it to be rare for the effect of this change to be noticeable, we
thank Sol Swords for sending us an example that motiviated this change: a
guard verification that took about 5 seconds in Version_4.3 now takes,
on the same machine, about 0.07 seconds.

The behavior of backquote (`) has been changed slightly to be compatible
with its behavior in raw Lisp. The change is to allow the use of
comma-atsign (,@) at the end of a list, as in the following example.

(let ((x 3) (y 2) (z 7)) `(,x ,y ,@z))

Formerly, evaluation of this form had caused a guard violation in the ACL2
loop unless guard-checking was off (i.e., set-guard-checking was
involked with nil or :none), in which case it returned (3 2).
But we observed evaluation of this form to return (3 2 . 7) in every host
Lisp on which ACL2 runs (Allegro CL, CCL, CLISP, CMUCL, GCL, LispWorks, and
SBCL). Now, ACL2 behaves like these Lisps.

A call of the theory macro had previously returned nil when applied
to other than the name of name of a previously executed deftheory
event. Now, a hard error occurs.

The function booleanp is now defined using eq instead of
equal, which may increase its efficiency. Thanks to Jared Davis for
this change.

For pairs (key . val) in the macro-aliases-table, there had been a
requirement that val is a known function symbol. Now, it only needs to
be a symbol. (This change was made to support the new feature,
defun-inline, described elsewhere in these release notes.)

NEW FEATURES

A new ``tau system'' provides a kind of ``type checker.'' See tau-system.
Thanks to Dave Greve for supplying a motivating example (on which this system
can provide significant speedup), and to Sol Swords for sending a very
helpful bug report on a preliminary implementation.

Users may now arrange for additional summary information to be printed at the
end of events; see print-summary-user. Thanks to Harsh Raju Chamarthi
for requesting this feature and participating in a design discussion.

A new, advanced proof-checker command, geneqv, shows the generated
equivalence relation at the current subterm. Thanks to Dave Greve for an
inquiry leading to this enhancement.

A new reader macro, #u, permits the use of underscore characters in a
number. See sharp-u-reader. Thanks to Jared Davis for requesting this
capability.

New proof-checker commands pl and pr provide interfaces to the
ACL2 commands :pl and :pr, respectively. These can be
useful if you want to see trivially-proved hypotheses, as now clarified in
the proof-checker documentation for its show-rewrites command.
See proof-checker-commands. Thanks to Pete Manolios for suggesting such
clarification and capability.

It is now legal to call non-executable functions without the usual
signature restrictions imposed on executable code. For example,
the third event below was not admissible, but now it is.

Thanks to Jared Davis for requesting this enhancement, in particular for
calling non-executable functions in the :logic part of an mbe
call. Here is Jared's example, which is admissible now but formerly was
not.

A new macro, non-exec, allows the use of non-executable code, for
example inside ordinary function definitions. Thanks to Sol Swords for
requesting this enhancement.

A new ``provisional certification'' process is supported that can allow
books to be certified before their included sub-books have been
certified, thus allowing for potentially much greater `make'-level
parallelism. See provisional-certification. Thanks to Jared Davis for
requesting this feature and for helpful discussions, based in part on
rudimentary provisional certification schemes that he developed first at
Rockwell Collins and later for his `Milawa' project. Also, thanks to Jared
and to Sol Swords for testing this feature and for providing a fix for a bug
in a preliminary implementation, and thanks to Sol for providing performance
feedback and a crucial suggestion that led to an improved implementation.

Event summaries now show the names of events that were mentioned in
hints of type :use, :by, or :clause-processor.
See set-inhibited-summary-types. Thanks to Francisco J. Martin Mateos for
requesting such an enhancement (actually thanks to the community, as his
request is the most recent but this has come up from time to time before).

ACL2 now stores a data structure representing the relation ``Event A is used
in the proof of Event B.'' See dead-events, which explains this data
structure and mentions one application: to identify dead code and unused
theorems. Thanks to Shilpi Goel for requesting such a feature and for
helpful feedback.

A new documentation topic provides a guide to programming with state;
see programming-with-state. Thanks to Sarah Weissman for suggesting that
such a guide might be useful, and to David Rager for helpful feedback on a
preliminary version. There also has been some corresponding reorganization
of the documentation as well as creation of additional documentation (e.g.,
see state-global-let*). Now, most built-in functions and macros commonly
used in programs (as opposed to events like defun, for example)
are subtopics of a new topic -- see acl2-built-ins -- which is a
subtopic of programming, a topic that in turn has considerably fewer
direct subtopiics than before.

It is now possible to bind extra variables in a :USE hint, thus avoiding
the error message: ``The formula you wish to instantiate, ..., mentions only
the variable(s) ...''. See lemma-instance, in particular the discussion of
keyword :extra-bindings-ok. Thanks to Sol Swords for requesting such an
enhancement.

The function read-object-suppress is like read-object except that it
avoids errors and discards the value read. See io.

A stobj may now be passed as an argument where another stobj is expected
if the two are ``congruent''. See defstobj, in particular, its discussion of
the new :congruent-to keyword of defstobj. Thanks to Sol Swords for
requesting this enhancement and for useful discussions contributing to its
design.

A new top-level utility has been provided that shows the assembly language
for a defined function symbol; see disassemble$. Thanks to Jared Davis for
requesting such a utility and to Shilpi Goel for pointing out an
inconvenience with the initial implementation. Note that it uses the
distributed book books/misc/disassemble.lisp, which users are welcome to
modify (see http://www.cs.utexas.edu/users/moore/acl2/).

The macro set-accumulated-persistence is an alias for
accumulated-persistence. Thanks to Robert Krug for suggesting this
addition.

A new documentation topic lists lesser-known and advanced ACL2 features,
intended for those with prior ACL2 experience who wish to extend their
knowledge of ACL2 capabilities. See advanced-features. Thanks to Warren
Hunt and Anna Slobodova for requesting such information.

A new macro, deftheory-static, provides a variant of deftheory
such that the resulting theory is the same at include-book time as it
was at certify-book time. Thanks to Robert Krug for helpful
discussions on this new feature and for updating his books/arithmetic-5/
distributed books to use this feature.

A new event, defabsstobj, provides a new way to introduce
single-threaded objects (see stobj and see defstobj). These so-called
``abstract stobjs'' permit user-provided logical definitions for
primitive operations on stobjs, for example using an alist-based
representation instead of a list-based representation for array fields.
Moreover, the proof obligations guarantee that the recognizer is preserved;
hence the implementation avoids executing the recognizer, which may be an
arbitrarily complex invariant that otherwise would be an expensive part of
guard checks. Thanks to Warren Hunt for a request leading us to design
and implement this new feature, and thanks to Rob Sumners for a request
leading us to implement a related utility, defabsstobj-missing-events.
See defabsstobj. Also thanks to Sol Swords for sending an example exhibiting
a bug in the initial implementation, which has been fixed.

A new command, :psof <filename>, is like :pso but directs proof
replay output to the specified file. For large proofs, :psof may
complete much more quickly than :pso. see psof. More generally,
a new utility, wof (an acronym for ``With Output File''), directs
standard output and proofs output to a file; see wof.

The new macro defnd defines a function with :guardt and
disables that function, in analogy to how defund defines with
defun and then disables. Thanks to Shilpi Goel for requesting
this feature.

The :pl2 command now shows :linear rules; and a new
proof-checker command, show-linears (equivalently, sls), is an
analogue of the proof-checkershow-rewrites (sr) command, but
for linear rules. Thanks to Shilpi Goel for requesting this new
proof-checker command. Finally, a corresponding new proof-checker command,
apply-linear (al), is an analogue of the proof-checkerrewrite (r) command, but for linear rules.

The macros add-macro-fn and remove-macro-fn replace macros
add-binop and remove-binop, respectively, though the latter
continue to work. The new macros allow you to decide whether or not to
display calls of binary macros as flat calls for right-associated arguments,
e.g., (append x y z) rather than (append x (append y z)).
See add-macro-fn.

It is now possible to request that the host Lisp compiler inline calls of
specified functions, or to direct that the host Lisp compiler not inline such
calls. See defun-inline and see defun-notinline. We thank Jared Davis for
several extensive, relevant conversations, and for finding a bug in a
preliminary implementation. We also thank others who have engaged in
discussions with us about inlining for ACL2; besides Jared Davis, we recall
such conversations with Rob Sumners, Dave Greve, and Shilpi Goel.

HEURISTIC IMPROVEMENTS

Reading of ACL2 arrays (see aref1, see aref2) has been made more
efficient (as tested with CCL as the host Lisp) in the case of consecutive
repeated reads of the same named array. Thanks to Jared Davis and Sol Swords
for contributing this improvement.

Slightly modified the induction schemes stored, so that calls of so-called
``guard-holders'' (such as mbe and prog2$ -- indeed, any call
of return-last -- and the) are expanded away. In particular,
calls of equality variants such as member are treated as their
corresponding function calls, e.g., member-equal;
see equality-variants. Guard-holders are also now expanded away before
storing constraints for encapsulateevents, which can
sometimes result in simpler constraints.

We now avoid certain rewriting loops. A long comment about this change,
including an example of a loop that no longer occurs, may be found in source
function expand-permission-result.

Slightly strengthened type-set reasoning at the level of literals (i.e.,
top-level hypotheses and conclusions). See the comment in ACL2 source
function rewrite-atm about the ``use of dwp = t'' for an example of a
theorem provable only after this change.

Strengthened the ability of type-set reasoning to make deductions about
terms being integers or non-integer rationals. The following example
illustrates the enhancement: before the change, no simplification was
performed, but after the change, the conclusion simplifies to (foo t).
Thanks to Robert Krug for conveying the problem to us and outlining a
solution.

Fixed a class of soundness bugs involving each of the following functions:
getenv$, get-wormhole-status, cpu-core-count,
wormhole-p, random$, file-write-date$, and
serialize-read-fn, and (for the HONS version of ACL2)
clear-memoize-table and clear-memoize-tables as well as (possible
soundness bug) serialize-write-fn. For example, we were able to admit
the following events, but that is no longer the case (neither for getenv$
as shown, nor analogously for other functions listed above).

Fixed a soundness bug based on the use of skip-proofs together with the
little-used argument k=t for certify-book. An example proof of
nil appears in a comment in the ACL2 sources, in
(deflabel note-5-0 ...).

Fixed a soundness bug that allowed users to define new proof-checker
primitive commands. Before this fix, a book proving nil could be
certified, as shown in a comment now in the introduction of the tablepc-command-table in source file proof-checker-a.lisp.

(Technical change, primarily related to make-event:) Plugged a security
hole that allowed books' certificates to be out-of-date with
respect to make-event expansions, but not recognized as such. The
change is to include the so-called expansion-alist in the certificate's
checksum. An example appears in a comment in the ACL2 sources, in
(deflabel note-5-0 ...).

Fixed a bug in guard verification due to expanding calls of primitives
when translating user-level terms to internal form, so called ``translated
terms'' (see term). While we have not observed a soundness hole due to this
bug, we have not ruled it out. Before the bug fix, the following event was
admissible, as guard verification succeeded (but clearly should not have).

(defun f ()
(declare (xargs :guard t))
(car (identity 3)))

For those who want details about this bug, we analyze how ACL2 generates
guard proof obligations for this example. During that process, it
evaluates ground subexpressions. Thus, (identity '3) is first simplified
to '3; so a term must be built from the application of car to '3.
Guard-checking is always turned on when generating guard proof obligations,
so now, ACL2 refuses to simplify (car '3) to 'nil. However, before
this bug fix, when ACL2 was building a term by applying car to argument
'3, it did so directly without checking guards; source code function
cons-term is `smart' that way. After the fix, such term-building
reduction is only performed when the primitive's guard is met.

While calls of many event macros had been prohibited inside executable code,
others should have been but were not. For example, the following was
formerly allowed.

Thus, several event macros (including for example
add-custom-keyword-hint) may no longer be called inside executable
code.

Fixed an assertion that could occur, for example, after reverting to prove
the original goal by induction and generating a goal of NIL. Thanks to
Jared Davis for sending us a helpful example to bring this bug to our
attention.

It was possible for defstobj to generate raw Lisp code with
excessively restrictive type declarations. This has been fixed. Thanks to
Warren Hunt for reporting this bug and sending an example that illustrates
it. See stobj-example-2 for examples of such raw Lisp code; now, one finds
(and fixnum (integer 0 *)) where formerly the type was restricted to
(integer 0 268435455).

Fixed a bug in that was ignoring the use of :computed-hint-replacement in
certain cases involving a combination of computed hints and custom keyword
hints. Thanks to Robert Krug for reporting this bug and sending a very
helpful example.

Fixed a bug in the output from defattach, which was failing to list
previous events in the message about ``bypassing constraints that have
been proved when processing the event(s)''.

(GCL only) Fixed a bug in set-debugger-enable (which was only a bug in
GCL, not an issue for other host Lisps).

Fixed a bug in the reporting of times in event summaries -- probably one
that has been very long-standing! The times reported had often been too
small in the case of compound events, notably include-book.
Thanks to everyone who reported this problem (we have a record of emails from
Eric Smith and Jared Davis on this issue).

Fixed a bug in :expandhints, where the use of :lambdas could
prevent other parts of such a hint. For example, the following invocation of
thm failed before this fix was made.

Certain ``program-only'' function calls will now cause hard Lisp errors.
(The rather obscure reason for this fix is to support logical modeling of the
ACL2 evaluator. A relevant technical discussion may be found in source
function oneify-cltl-code, at the binding of variable
fail_program-only-safe.)

There was an unnecessary restriction that FLET-bound functions must
return all stobjs among their inputs. For example, the following
definition was rejected because state was not among the outputs of h.
This restriction has been removed.

We fixed a bug, introduced in the preceding release (Version 4.3), in the
check for irrelevant formals (see irrelevant-formals). That check had been
too lenient in its handling of lambda (LET) expressions, for example
allowing the following definition to be admitted in spite of its first formal
parameter obviously being irrelevant.

Hard Lisp errors are now avoided for certain :rewrite rules: those
whose equivalence relation is other than equal when the rule is
originally processed, but is no longer a known equivalence relation when the
rule is to be stored. Thanks to Jared Davis for sending a useful example, a
minor variant of which is included in a comment in source function
interpret-term-as-rewrite-rule (file defthm.lisp).

Fixed a bug in the ACL2 evaluator (source function raw-ev-fncall), which
was unlikely to be exhibited in practice.

It is now an error to include a stobj name in the :renaming alist
(see defstobj).

Some bogus warnings about non-recursive function symbols have been eliminated
for rules of class :type-prescription.

(Allegro CL host Lisp only) Fixed an obsolete setting of compiler variable
comp:declared-fixnums-remain-fixnums-switch, which may have been
responsible for intermittent (and infrequent) checksum errors encountered
while including books during certification of the regression suite.

Fixed a proof-checker bug that could result in duplicate goal names in
the case of forced hypotheses. An example showing this bug, before the fix,
appears in a comment in the ACL2 sources, in (deflabel note-5-0 ...).

We fixed a bug in a prover routine involved in type-set computations
involving linear arithmetic. This bug has been around since at least as far
back as Version_3.3 (released November, 2007). We are not aware of any
resulting unsoundness, though it did have the potential to weaken the prover.
For example, the following is proved now, but was not proved before the bug
was fixed.

Although all bets are off when using redefinition
(see ld-redefinition-action), we wish to minimize negative effects of its
use, especially raw Lisp errors. The examples below had caused raw Lisp
errors, but no longer.

Fixed a bug that could cause hard Lisp errors in an encapsulate event.
Thanks to Sol Swords for sending an example that exhibited this bug. Here is
a simpler such example; the bug was in how it was checked whether the
guard for a guard-verified function (here, g) depends on some
function introduced in the signature of the encapsulate (here, the
function f).

Fixed a bug in mfc-relieve-hyp that we believe could prohibit its use on
the last hypothesis. Thanks to Sol Swords for reporting this bug and
providing a fix.

The syntax #! (see sharp-bang-reader) was broken after a skipped
readtime conditional. For example, the following input line caused an
error.

#+skip #!acl2(quote 3)

This bug has been fixed.

Fixed a bug in the break-rewrite utility, which was evidenced by error
messages that could occur when dealing with free variables. An example of
such an error message is the following; we thank Robert Krug for sending us
an example that produced this error and enabled us to produce a fix.

We fixed an obscure bug that we believe could interfere with defproxy
because of an incorrect (declaim (notinline <function>)) form.

CHANGES AT THE SYSTEM LEVEL AND TO DISTRIBUTED BOOKS

Improvements have been made related to the reading of characters. In
particular, checks are now done for ASCII encoding and for the expected
char-code values for Space, Tab, Newline, Page, and
Rubout. Also, an error no longer occurs with certain uses of
non-standard characters. For example, it had caused an error to certify a
book after a single portculliscommand of
(make-event `(defconst *my-null* ,(code-char 0))); but this is no longer
an issue. Thanks to Jared Davis for helpful correspondence that led us to
make these improvements.

The character encoding for reading from files has been fixed at iso-8859-1.
See character-encoding. Thanks to Jared Davis for bringing this portability
issue to our attention (as this change arose in order to deal with a change
in the default character encoding for the host Lisp, CCL), and pointing us in
the right direction for dealing with it. In many cases, the character
encoding for reading from the terminal is also iso-8859-1; but this is not
guaranteed. In particular, when the host Lisp is SBCL this may not be the
case.

Although the HTML documentation is distributed with ACL2, it had not been
possible for users to build that documentation without omitting graphics, for
example on the ACL2 home page. That has been fixed, as files
graphics/*.gif are now distributed.

Compiler warnings are suppressed more completely than they had been before.
For example, the following had produced a compiler warning when the host Lisp
is CCL, but no longer does so.

(defun f () (car 3))
(trace$ f)

Removed support for ``tainted'' certificates. One reason is that there
are rarely incremental releases. A stronger reason is that for the
compatibility of a new release is with the previous non-incremental release,
it's not particularly relevant whether or not the new release is incremental.

The `make' variable BOOKS can now be defined above the line that includes
Makefile-generic. (For relevant background, see book-makefiles.)

(SBCL only) ACL2 images built on SBCL now have an option,
--dynamic-space-size 2000, that can avoid space problems that could
previously have caused the session to die.

The default value for variable LISP in file GNUmakefile is now
ccl. Thus, if you use `make' in the standard way to build an ACL2
executable, the default host Lisp is ccl rather than gcl.

EMACS SUPPORT

EXPERIMENTAL VERSIONS

For the version supporting the reals, ACL2(r) (see real), the supporting
function floor1 has been defined in raw Lisp. This avoids an error
such as in the following case.

Calls of the macro set-waterfall-printing are no longer events, so
may not be placed at the top level of books. However, it is easy to
create events that have these effects; see set-waterfall-printing. Note
that now, :ubt and similar commands do not change the settings for
either waterfall-parallelism or waterfall-printing.

The implementation of deflock has been improved. Now, the macro it
defines can provide a lock when invoked inside a guard-verified or
:program mode function. Previously, this was only the case if the
function definition was loaded from raw Lisp, typically via a compiled file.

The underlying implementation for waterfall parallelism
(see set-waterfall-parallelism) has been improved. As a result, even the
largest proofs in the regression suite can be run efficiently in
:resource-based waterfall parallelism mode. Among these improvements is
one that can prevent machines from rebooting because operating system limits
have been exceeded; thanks to Robert Krug for bringing this issue to our
attention.

There is also a new flag for configuring the way waterfall parallelism
behaves once underlying system resource limits are reached. This flag is
most relevant to :full waterfall parallelism.
see set-total-parallelism-work-limit for more information.

The dmr utility has the same behavior in ACL2(p) as it has in ACL2
unless waterfall-parallelism has been set to a non-nil value
(see set-waterfall-parallelism), in which case statistics about parallel
execution are printed instead of the usual information.

The user can now build the regression suite using waterfall parallelism.
See the distributed file acl2-customization-files/README for details, and
see unsupported-waterfall-parallelism-features for a disclaimer related to
building the regression suite using waterfall parallelism.

When building ACL2 with both the hons and parallelism extensions (what is
called ``ACL2(hp)''), the functions that are automatically memoized by the
hons extension are now automatically unmemoized and memoized when the user
toggles waterfall parallelism on and off, respectively.

Calling set-waterfall-parallelism with a flag of t now results in
the same settings as if it were called with a flag of :resource-based,
which is now the recommended mode for waterfall parallelism. Thanks to
Shilpi Goel for requesting this feature.

The prover now aborts in a timely way in response to interrupts issued during
a proof with waterfall parallelism enabled. (This had often not been the
case.) Thanks to Shilpi Goel for requesting this improvement.

The compact-print code has been replaced by new serialization routines
contributed by Jared Davis. This may improve performance when including
books that contain make-events that expand to very large constants.
You can also now save objects to disk without going into raw lisp;
see serialize for details.

Printing of certain messages has been sped up (by using Lisp function
force-output in place of finish-output). Thanks to Jared Davis for
contributing this improvement.

It is now permitted to memoize functions that take user-defined
stobjs as inputs, provided that no stobjs are returned. Even if
stobjs are returned, memoization is permitted provided the condition is
nil, as when profiling (see profile). Thanks to Sol Swords for an
observation that led to this improvement and for useful conversations,
including follow-up leading us to improve our initial implementation.

Fixes have been made for memoizing with a non-nil value of
:ideal-okp. Errors had occurred when memoizing with a :condition
other than t for a :logic mode function that had not been
guard-verified, even with a non-nil value of :ideal-okp; and
after successfully memoizing such a function (without such :condition),
it had not been possible to unmemoize it. Thanks to Sol Swords for
reporting issues with the :ideal-okp argument of memoize.

If a book defined a function that was subsequently memoized in that
book, the function would no longer behaves as memoized upon completion of
book certification (unless that certify-book command was undone and
replaced by evaluation of a corresponding include-book command). This
has been fixed. Thanks to David Rager for pointing out the problem by
sending an example.

We now support ACL2(h) built not only on 64-bit CCL but also on all supported
host Ansi Common Lisps (i.e., all supported host Lisps except GCL). Thanks
to Jared Davis for doing much of the work to make this improvement. Note
that performance will likely be best for 64-bit CCL; for some Lisps,
performance may be much worse, probably depending in part on the underlying
implementation of hash tables.